Cyber Security Report 2014

Cyber Security Report 2014

Publishing information Media owner, publisher and editor: Federal Chancellery of the Republic of Austria, Department IV – Coordination, Division IV / 6 – Security Policy Affairs Ballhausplatz 2, 1010 Vienna Graphic design: Federal Chancellery | ARGE Grafik Vienna, May 2014 Table of Contents 1 Introduction 4 2 Cyber situation in 2013 / threat analysis 5 2.1 Actors and their intentions 5 2.2 Methods 6 2.3 Weaknesses 8 3 International developments 9 3.1 European Union 9 3.2 United Nations 10 3.3 NATO 10 3.4 OSCE 11 3.5 Nation-states 11 4 National developments 15 4.1 Actors and structures 15 4.2 Implementation of the ÖSCS 17 5 Cyber exercises 18 5.1 NATO exercise »Cyber Coalition 2013« 18 5.2 Combined Endeavor (CE) 18 5.3 Coalition Warrior Interoperability eXploration, eXperimentation, eXamination, eXercise« (CWIX) 18 6 Summary /outlook 19 1 Introduction In accordance with Austria’s Cyber Space Security Strategy (Österreichische Strategie für Cyber Sicherheit / ÖSCS), the Cyber Security Steering Group has to prepare an annual Cyber Security Report. The first report on cyber security in Austria has to be submitted to the Steering Group by June 2014. The Steering Group will inform the members of the federal government represented in the National Security Council and other members of the government who are responsible for these issues. The aim of the report is to provide a summary review of the cyber threats and other important national and international developments in the preceding year. The Cyber Security Report is based on the thematically relevant reports issued by the individual ministries. 4 2 Cyber situation in 2013 / threat analysis Our present-day society is becoming more and more dependent on technological progress and, consequently, on the confidentiality, availability and integrity of information. States, various social groups but also criminal actors are expanding their ICT »tools«; criminal activities committed via the Internet are thriving. In the age of »digital natives«, the skills of an individual may in fact become a cyber weapon. 2.1 Actors and their intentions Significant threats in cyber space are caused by individual state actors, trying to use cyber space to implement national political and economic interests. In parallel, governments take measures to obtain information supremacy (e.g. propaganda in social media). In 2013 the spotlight was turned particularly on government-controlled cyber espionage. Besides Chinese cyber espionage operations, the activities of the US National Security Agency (NSA) should be mentioned in this context. Data collection programmes (such as Prism), which had originally been introduced to combat terrorism, were also used for cyber espionage. Other states have programmes similar to those of the USA. Another field of criminal activity that should be mentioned in connection with the improper use of the Internet is economic and industrial espionage. Cyber criminals play an important role at a non-governmental level. The perpetrators use the Internet as a crime scene for their world-wide criminal machinations. Their criminal motives range from money-making through spamming1, phishing2 and / or pharming3 to credit card fraud and the sale of confidential data. Criminal organisations offer the technology (both hardware and software) for carrying out cyber attacks against payment to »everyone«. The Internet is not only a crime scene where fraud and financial crimes flourish. It is also an »enabling factor« for all sorts of dangerous cyber attacks against authorities, institutions and enterprises. 1 Today bulk e-mail messages for advertising purposes account for a major part of the Internet traffic. 2 Attempts to deceive users through e-mails (»Click on this link, otherwise your account will be suspended!«) and to prompt them to take harmful actions (e.g. by clicking on a link to a malicious website in an e-mail). Very often the aim is to extract access data (user names, passwords) to assume the digital identity of a user (user profile) and misuse it for criminal activities. 3 Redirecting from a correct website (e.g. www.google.com) to a fake and malicious website controlled by an attacker. In most cases, this website is deceptively similar to the original. The user input (user name, password, TAN codes, etc.) is forwarded to an attacker controlling the fraudulent website. 5 Terrorists use cyber space predominantly for radicalisation, recruiting as well as financing terrorist operations. »Hacktivists« (Internet activists) are a special type of online actors. As they are usually expressing their dissatisfaction through Distributed Denial of Service (DDoS) attacks4 or website defacement5, they could also be described as online protestors in cyber space. H ackers engaged in politically or socially motivated activities in Austria in 2013. The incidents were, however, considerably more harmless than those observed in 2012. The Anonymous movement is the best-known community of hacktivists. In its beginnings, persons joined under the guise of Anonymous to protest against global problems (e.g. infringement of the freedom of speech) or to promote the freedom of the Internet. An increasing number of Anonymous groups focusing on national or regional issues has been emerging in the course of time. Besides ordinary hacktivists, there are also »patriotic hackers«, who are often associated with their government, e.g. the Syrian Electronic Army. Finally, individual hackers or groups of hackers should be mentioned. Driven by various motives, they can cause significant damage through their attacks. However, as recent trends show, »traditional« hackers intruding systems out of curiosity and for playing around have become a relatively small threat. 2.2 Methods The aim of cyber attacks is to compromise the confidentiality, integrity and / or availability of networks, of the equipment used in these networks or the data and services provided on them. There are three categories of cyber attacks: 1. Targeted attacks against a specific target or a selected circle of specific targets. This method is chosen to attack well-protected targets; the malware is tailored to each individual victim. Time-consuming and resource-intensive preparations are required. As far as the actual effects of these attacks are concerned (particularly in terms of data leakage and possible external control), this type of attack (which is also called »advanced persistent threat« or APT) poses the most significant threat. 2. Attacks against a specific group of persons. The attack is directed against a group of persons whose common denominator motivates the perpetrator to launch the cyber attack. 3. Large-scale simultaneous attacks against a maximum of targets. This type of attack is carried out to steal information from as many unidentified computers as possible. Usually, systems with a low level of protection are attacked. There are numerous means and methods to launch successful attacks in and via cyber space. The main attacks identified in 2013 were spying on access data, embedding malware in websites, compromising of databases as well as disrupting the availability of an individual 4 Distributed Denial of Service: a type of attack where a server is »bombarded« with so many requests from numerous systems until it breaks down due to being overwhelmed; as a result, the services provided on it become unavailable. 5 Infiltration of a server and changes to the websites stored on it. 6 services of a network. These attacks were carried out partly in combination with, and very often with the aid of, known malware; in some cases they were launched with programs developed for a specific purpose. The infection of Windows PCs is still the most common way of invading corporate networks. However, Windows itself does no longer pose the most serious problems. The programs used to present Web content (e.g. PDF Viewer, text processing software, Web browsers6 and their plug-ins7) are much more prone to infections. Data manipulated with malware are sent by e-mail by the attackers, referenced through links or embedded into popular websites through webhacks. Due to »social engineering«8 (e.g.»Open this reminder/ Telecom invoice / …«), technical flaws are no longer a prerequisite for infections, and even technical security measures that are implemented properly can be evaded easily. Hence, attackers may gradually penetrate the critical systems of corporate and public networks in order to compromise them. Another method of attack is to invade the services of potential victims that are accessible on the Internet. The websites of associations, groups and SMEs, schools as well as public authorities are particularly vulnerable. In these cases, the attacker is more interested in the resources and visitors of the server attacked than in the victim per se. Since 2013 »Distributed Reflected Denial of Service Attacks« have been used increasingly to attack the availability of online services. The attacker sends numerous small falsified requests on behalf of the victim to legitimate servers; due to their size and large number, the subsequent replies block the victim’s network connection; as a result, the respective online service is no longer accessible. In general, a marked increase in malware attacks directed at mobile phones could be observed in 2013. Moreover, cyber criminals are focusing more strongly on social networks, which they use for committing and preparing various criminal offences. Due to their widespread use, smartphones and tablets also became attractive targets; a huge number of malware programs targets Android (the world’s most popular mobile operating system for smartphones and tablets). Even though technical security solutions have become available to protect these devices, user security awareness is relatively low compared to the sensitisation level of PC and notebook users. The methods of attack described above were used also, and above all, in the context of identified targeted attacks in 2013. As most cases showed, these cyber attacks were realised through spear phishing9 carried out via e-mails containing malware in attachments. During 2013 it became clear that some of the cyber actors expanded and / or changed their practices.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    20 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us